Annual Report, “Federal Information Security Management Act: Fiscal Year 2010 Report from the Office of Inspector General” (IG-11-005, November 10, 2010)

This annual report, submitted as a memorandum from the Inspector General to the NASA Administrator, provides the Office of Management and Budget (OMB) with our independent assessment of NASA’s information technology (IT) security posture. For FY 2010, we adopted a risk-based approach in which we selected high- and moderate-impact non-national security Agency systems for review. We examined 40 systems that included systems from all 10 NASA Centers, NASA Headquarters, and the NASA Shared Services Center.

Although our audit work identifies challenges to and weaknesses in NASA’s IT security program, we believe that the Agency is steadily working to improve its overall IT security posture.

Our report to OMB cited that NASA established a program for certification and accreditation, security configuration management, incident response and reporting, security training, Plans of Actions and Milestones, remote access, account and identity management, continuous monitoring, business continuity/disaster recovery, and overseeing systems operated by contractors. However, we found that internal controls for these areas needed improvements.

The OMB’s FY 2010 Report to Congress on Implementation of The Federal Information Security Management Act of 2002 includes information from our report. However, as an “Intra-Agency Memorandum,” our report is considered exempt from release under the Freedom of Information Act (FOIA); it also contains NASA Information Technology/Internal Systems Data that is not routinely released under FOIA. To submit a FOIA request, see the online guide.